{"id":271128,"date":"2026-06-09T12:27:00","date_gmt":"2026-06-09T16:27:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/09\/cisa-is-rethinking-how-it-prioritizes-risks-and-vulnerabilities-for-feds-private-sector\/"},"modified":"2026-06-12T08:36:47","modified_gmt":"2026-06-12T12:36:47","slug":"cisa-is-rethinking-how-it-prioritizes-risks-and-vulnerabilities-for-feds-private-sector","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/09\/cisa-is-rethinking-how-it-prioritizes-risks-and-vulnerabilities-for-feds-private-sector\/","title":{"rendered":"CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/cisa-cyber-risk-prioritization-vulnerability-directive\/\">CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/cisa-cyber-risk-prioritization-vulnerability-directive\/\">https:\/\/cyberscoop.com\/cisa-cyber-risk-prioritization-vulnerability-directive\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-09 12:27:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>The Cybersecurity and Infrastructure Agency wants to fundamentally reevaluate how it prioritizes risks and vulnerabilities, both for privately-owned critical infrastructure and within the federal government, acting director Nick Andersen said Tuesday.<\/p>\n<p>The plans include a binding operational directive for federal agencies set to be published Wednesday and getting more specific with critical infrastructure owners and operators about which assets they need to protect most and how, Andersen said while speaking at an event hosted by Axonius in Washington, D.C. and talking with reporters afterwards.<\/p>\n<p>The binding operational directive looks to revise how federal agencies do vulnerability management, he said. \u201cOverall, our approach to date has been \u2018A patch is released, apply this patch as quickly as you can,\u2019\u201d he said.<\/p>\n<p>\u201cWe\u2019re really asking people to take more of a focus on risk associated with each vulnerability. Is it with an asset that is internet-exposed? Does it align to a KEV entry?\u201d he said, referring to CISA\u2019s list of known exploited vulnerabilities. \u201cIs it automatable in its exploitation? Really, we need to be able to highlight that some patches just aren\u2019t as important as others, and plugging the holes for some vulnerabilities is simply not as important as others.\u201d<\/p>\n<p>Andersen said he has made setting the right priorities the focus of his tenure.<\/p>\n<p>\u201cWe have to be okay with saying there are some systems that are less important than others, there are some elements of critical infrastructure that are less important than others,\u201d he said. \u201cThose things are very easy for us to rationalize [for] physical crises, but we need to start wrapping our minds around how we\u2019re going to do that during cyber crises.\u201d<\/p>\n<p>Andersen said artificial intelligence-enhanced threats have fueled the directive in part, based on \u201ca recognition that we\u2019re a different dynamic environment with the shorter timeline to weaponization and&#8230;<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/cisa-cyber-risk-prioritization-vulnerability-directive\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector https:\/\/cyberscoop.com\/cisa-cyber-risk-prioritization-vulnerability-directive\/ Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":271129,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2026\/06\/IMG_5095-1.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[20,24,27],"class_list":["post-271128","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-artificial-intelligence","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/271128"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=271128"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/271128\/revisions"}],"predecessor-version":[{"id":271130,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/271128\/revisions\/271130"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/271129"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=271128"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=271128"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=271128"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}